Support for process isolation on Windows 10 #1822
Comments
|
As I understand it, the main reason is that the Windows kernel ABI (like, for example also the macOS kernel ABI) is not considered stable ie it changes even between Windows 10 releases and may be different to the kernel ABI of say nanoserver and server core (which is what most/all window images are based on). So you can't run nanoserver images on win 10 because the system calls may be different. This also happens on Server (but less frequently), see for example moby/moby#35247. I'm closing this issue as this is not specific to Docker for Windows (the app). Please feel free to follow up on |
|
@rn So, what is the right place to propose a suggestion about Docker for Windows implementation (not app)? |
|
The moby project (https://github.com/moby/moby) is where the development of windows containers with docker happen. You could try there, however, as I explained above, this is really an issue with Windows itself, so you may just get the same answer there. |
|
Process-isolation is disabled on Windows 10 for licensing reasons; see https://github.com/moby/moby/blob/6cd806aa53de41e6f04346150d08e19ec63311e0/daemon/daemon_windows.go#L198-L202 hyperv := daemon.runAsHyperVContainer(hostConfig)
if !hyperv && system.IsWindowsClient() && !system.IsIoTCore() {
// @engine maintainers. This block should not be removed. It partially enforces licensing
// restrictions on Windows. Ping @jhowardmsft if there are concerns or PRs to change this.
return warnings, fmt.Errorf("Windows client operating systems only support Hyper-V containers")
}// IsWindowsClient returns true if the SKU is client
// @engine maintainers - this function should not be removed or modified as it
// is used to enforce licensing restrictions on Windows.
func IsWindowsClient() bool {
osviex := &osVersionInfoEx{OSVersionInfoSize: 284}
r1, _, err := procGetVersionExW.Call(uintptr(unsafe.Pointer(osviex)))
if r1 == 0 {
logrus.Warnf("GetVersionExW failed - assuming server SKU: %v", err)
return false
}
const verNTWorkstation = 0x00000001
return osviex.ProductType == verNTWorkstation
}(of course, you could remove those parts, and build from source 😇) |
|
Thanks @thaJeztah but license restrictions are not the only concern. The instability of the kernel ABI are likely also an issue. We have already seen this with different revs of Windows Server editions and images |
|
This has been addressed on master through moby/moby#38000 |
|
With process isolation, will it be possible to start the daemon without Hyper-V active? With Docker Desktop 2.0.0.2 (30215) Hyper-V is still required. |
|
Closed issues are locked after 30 days of inactivity. If you have found a problem that seems similar to this, please open a new issue. Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows. |
Expected behavior
I am struggling to understand why process isolation is not supported under Windows 10. The best I can turn up is this post back from 2016 hinting at licensing issues.
moby/moby#27524
@microsoft can anyone shed light on the long term strategy as it related to support for process isolation on Windows 10?
Forcing Hyper-V isolation seems does more harm then good as it relates to container adoption on Windows. My servers run process isolation, they run quicker and with reduced overhead, complexity and issues. The Docker for Windows experience has been a far departure from the server side. They do not install the same, they run different binaries, the don't carry with them the same features. For me one of the big value propositions is containers from Dev to Production. Not supporting process isolation is just one of the bigger miss alignments making it difficult to setup and test local what is ultimately going to land itself server side.
The text was updated successfully, but these errors were encountered: